Ethical Hacking - Social Engineering

Social Engineering is an art. In terms of Information Security, Social Engineering refers to the psychological manipulation of people into performing actions or revealing confidential information. Hackers use Social Engineering tactics because it is usually easier to exploit your mind than it is to discover ways to hack your computer system, networks, social media and so on. This technique is used to carry out a large number of cyber crimes.

Types of Social Engineering:

  • Human-based social engineering

  • Computer-based social engineering

  • Mobile-based social engineering

The most common Social Engineering attacks are:

1. Phishing: Phishing is the most common type of social engineering attack. In this attack, the attacker or hacker recreates the website or support portal of a renowned company and sends the link to targets via email or social media platforms. The target, completely unaware of the real attacker, ends up compromising personal information and even credit card details.

2. Spear Phishing: It can be regarded as a subset of phishing. Although the attack is similar, it requires extra effort from the attackers, who need to pay attention to the degree of uniqueness for the limited number of users they target. The hard work pays off: the chances of users falling for the false emails are considerably higher in the case of spear phishing.

3. Pretexting: This is another type of Social Engineering attack. It is based on a scripted scenario presented to the targets, used to extract other information.
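
For the phishing items above, a defender-side check, added here as an example and not part of the original article: it extracts links from a message and flags hosts that imitate a trusted domain. The trusted list, the sample message and all function names are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumed allow-list of domains the organisation really uses (constructed).
TRUSTED = {"example.com"}

def edit_distance(a, b):
    """Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def registered_domain(host):
    """Naive last-two-labels domain; a real tool would use the Public Suffix List."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def classify_link(url):
    """Return 'trusted', 'lookalike' or 'unknown' for one URL."""
    host = (urlsplit(url).hostname or "").lower()
    domain = registered_domain(host)
    if domain in TRUSTED:
        return "trusted"
    for good in TRUSTED:
        brand = good.split(".")[0]
        # Brand name embedded in a foreign host, or a near-miss spelling of the domain.
        if brand in host or edit_distance(domain, good) <= 2:
            return "lookalike"
    return "unknown"

def suspicious_links(email_body):
    """Extract URLs from a message body and return those imitating a trusted domain."""
    urls = re.findall(r"https?://[^\s<>]+", email_body)
    return [u for u in urls if classify_link(u) == "lookalike"]

# Constructed sample message, not taken from a real campaign.
SAMPLE = """Dear customer, your account is locked.
Verify here: http://examp1e.com/login
or here: https://example.com.account-verify.test/reset
Our real site: https://www.example.com/help
Staff news: https://intranet.invalid/news
"""

if __name__ == "__main__":
    for link in suspicious_links(SAMPLE):
        print("lookalike:", link)
```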